﻿Imports System.Data.SqlClient
Imports System.Web.Security
Imports System.Configuration
Imports System.Data.Sql
Imports System.Security.Cryptography
Imports System.Security.Principal

Partial Class admin_login
    Inherits System.Web.UI.Page

    Private _userid As Integer
    Public Property UserID() As Integer
        Get
            Return _userid
        End Get
        Set(ByVal value As Integer)
            _userid = value
        End Set
    End Property


    Dim connectionString As String = ConfigurationManager.ConnectionStrings("MMile").ConnectionString
    Dim objConn As New SqlConnection(connectionString)
    Dim objCmd As SqlCommand
    Dim objDR As SqlDataReader


    Function CheckCredentials(ByVal Username As String, ByVal Password As String) As Boolean
        objConn.Open()
        objCmd = New SqlCommand("SELECT UserID, Salt, Password FROM Admin WHERE Username=@givenUsername", objConn)
        objCmd.Parameters.AddWithValue("@givenUsername", Username)

        objDR = objCmd.ExecuteReader()
        If Not objDR.Read() Then
            Return False
        Else
            Dim strSalt As String = objDR("Salt")
            Dim strStoredPassword As String = objDR("Password")
            Dim strGivenPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(strSalt & Password, "SHA1")
            Label1.Text = strSalt
            Label2.Text = strStoredPassword
            Label3.Text = strGivenPassword
            UserID() = objDR("UserID")
            Return strStoredPassword = strGivenPassword
        End If
    End Function

    Sub CheckCredentials_Click(ByVal s As Object, ByVal e As EventArgs)
        Dim mpTxtUsername As TextBox
        mpTxtUsername = CType(Master.FindControl("txtUsername"), TextBox)
        'If Not mpTxtUsername Is Nothing Then
        '    txtUsername.Text = "Master page label = " + mpTxtUsername.Text
        'End If
        Dim mpTxtPassword As TextBox
        mpTxtPassword = CType(Master.FindControl("txtUsername"), TextBox)
        'If Not mpTxtUsername Is Nothing Then
        '    txtPassword.Text = "Master page label = " + mpTxtUsername.Text
        'End If
    End Sub

    Sub CheckCredentialsLocal_Click(ByVal s As Object, ByVal e As EventArgs)
        Dim mpPnlLoggedIn As Panel
        mpPnlLoggedIn = CType(Master.FindControl("PnlLoggedIn"), Panel)
        Dim mpPnlLoggedOut As Panel
        mpPnlLoggedOut = CType(Master.FindControl("PnlLoggedOut"), Panel)
        If (CheckCredentials(txtUsername.Text, txtPassword.Text) = True) Then


            LogAdminAccess()
            Application_AuthenticateRequest()
            FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, Persist.Checked)

            Session("userStatus") = "AuthAdmin"
            Session("UserID") = UserID()
            Response.Redirect("Default.aspx")
        Else
            Session("userStatus") = "NotAuth"
        End If
    End Sub

    Sub LogAdminAccess()
        Dim conn As SqlConnection
        Dim comm As SqlCommand
        Dim connectionString As String = ConfigurationManager.ConnectionStrings("MMile").ConnectionString
        Dim DateTime As DateTime
        DateTime = Date.Now


        conn = New SqlConnection(connectionString)
        comm = New SqlCommand("INSERT INTO AdminLog (UserID, LoginTime) VALUES (@UserID, @LoginTime)", conn)

        comm.Parameters.Add("@UserID", Data.SqlDbType.NVarChar)
        comm.Parameters("@UserID").Value = UserID()
        comm.Parameters.Add("@LoginTime", Data.SqlDbType.DateTime)
        comm.Parameters("@LoginTime").Value = DateTime

        conn.Open()
        comm.ExecuteNonQuery()
        conn.Close()


    End Sub

    Sub Application_AuthenticateRequest()
        If Request.IsAuthenticated Then
            Dim connString As String = ConfigurationManager.ConnectionStrings("MMile").ConnectionString
            Dim conn As New SqlConnection(connString)
            Dim comm As SqlCommand

            conn.Open()
            comm.CommandText = "rolesForUser"
            comm.Connection = conn
            comm.Parameters.AddWithValue("@Username", User.Identity.Name)

            Dim reader As SqlDataReader

            reader = comm.ExecuteReader

            Dim roleList As New ArrayList

            Do While reader.Read()
                roleList.Add(reader("Name"))
            Loop

            Dim roleListArray As String() = roleList.ToArray(GetType(String))

            HttpContext.Current.User = New GenericPrincipal(User.Identity, roleListArray)
        End If
    End Sub


End Class
